Path-Sensitive Dataflow Analysis with Iterative Refinement

In this paper, we present a new method for supporting abstraction refinement in path-sensitive dataflow analysis. We show how an adjustable merge criterion can be used as an interface to control the degree of abstraction. In particular, we partition the merge criterion with two sets of predicates —...

Detailed description

Bibliographic details
Main authors: Dhurjati, Dinakar; Das, Manuvir; Yang, Yue
Format: Conference proceeding
Language: eng
Subjects:
Online access: Full text
container_end_page 442
container_start_page 425
creator Dhurjati, Dinakar
Das, Manuvir
Yang, Yue
description In this paper, we present a new method for supporting abstraction refinement in path-sensitive dataflow analysis. We show how an adjustable merge criterion can be used as an interface to control the degree of abstraction. In particular, we partition the merge criterion with two sets of predicates — one related to the dataflow facts being propagated and the other related to path feasibility. These tracked predicates are then used to guide merge operations and path feasibility analysis, so that expensive computations are performed only at the right places. Refinement amounts to lazily growing the path predicate set to recover lost precision. We have implemented our refinement technique in ESP, a software validation tool for C/C++ programs. We apply ESP to validate a future version of Windows against critical security properties. Our experience suggests that applying iterative refinement to path-sensitive dataflow analysis is both effective in cutting down spurious errors and scalable enough for solving real world problems.
doi_str_mv 10.1007/11823230_27
format Conference Proceeding
fullrecord (fields not already listed elsewhere on this page; title, abstract, creators and subjects are identical to the entries above and are not repeated)
contributor Yi, Kwangkeun
publisher Berlin, Heidelberg: Springer Berlin Heidelberg
identifier ISBN: 9783540377566; ISBN: 3540377565; EISBN: 9783540377580; EISBN: 3540377581; EISSN: 1611-3349
rights Springer-Verlag Berlin Heidelberg 2006; 2007 INIST-CNRS
peer_reviewed true
tpages 18
collection Pascal-Francis (sourceid pascalfrancis_sprin, source record id 19206628)
linktopdf https://link.springer.com/content/pdf/10.1007/11823230_27
linktohtml https://link.springer.com/10.1007/11823230_27
backlink http://pascal-francis.inist.fr/vibad/index.php?action=getRecordDetail&idt=19206628 (view record in Pascal Francis)
fulltext fulltext
identifier ISSN: 0302-9743
ispartof Lecture notes in computer science, 2006, p.425-442
issn 0302-9743
1611-3349
language eng
recordid cdi_pascalfrancis_primary_19206628
source Springer Books
subjects Applied sciences
Computer science; control theory; systems
Exact sciences and technology
Model Check
Path Feasibility
Program Point
Real Error
Software
Software engineering
Symbolic State
title Path-Sensitive Dataflow Analysis with Iterative Refinement
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-21T11%3A29%3A51IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-pascalfrancis_sprin&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Path-Sensitive%20Dataflow%20Analysis%20with%20Iterative%20Refinement&rft.btitle=Lecture%20notes%20in%20computer%20science&rft.au=Dhurjati,%20Dinakar&rft.date=2006&rft.spage=425&rft.epage=442&rft.pages=425-442&rft.issn=0302-9743&rft.eissn=1611-3349&rft.isbn=9783540377566&rft.isbn_list=3540377565&rft_id=info:doi/10.1007/11823230_27&rft_dat=%3Cpascalfrancis_sprin%3E19206628%3C/pascalfrancis_sprin%3E%3Curl%3E%3C/url%3E&rft.eisbn=9783540377580&rft.eisbn_list=3540377581&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true